DocumentCode
626362
Title
A Stack Model for Symbolic Buffer Overflow Exploitability Analysis
Author
Grieco, Gustavo ; Mounier, Laurent ; Potet, Marie-Laure ; Rawat, Seema
Author_Institution
VERIMAG, Univ. of Grenoble, Grenoble, France
fYear
2013
fDate
18-22 March 2013
Firstpage
216
Lastpage
217
Abstract
Vulnerability analysis aims to detect programming flaws inside software code in order to prevent their exploitation by external attackers, for instance by control-flow hijacking. One of the most challenging issues in vulnerability analysis is being able to distinguish between exploitable and nonexploitable flaws. In this work we propose a symbolic approach to assess the exploitability level of a path leading to a flaw. This approach operates on (disassembled) binary code and starts with the identification of “dangerous paths”, i.e., paths containing some patterns that depend on inputs. Then, we produce the corresponding path conditions augmented by symbolic constraints dedicated to exploitability.
Keywords
binary codes; security of data; software reliability; control-flow hijacking; dangerous paths; disassembled binary code; exploitability level; external attackers; nonexploitable flaw; path conditions; programming flaws; software code; stack model; symbolic buffer overflow exploitability analysis; symbolic constraints; vulnerability analysis; Abstracts; Analytical models; Binary codes; Conferences; Educational institutions; Indexes; Memory management; binary analysis; constraint-satisfaction; exploitability; symbolic execution;
fLanguage
English
Publisher
IEEE
Conference_Titel
Software Testing, Verification and Validation Workshops (ICSTW), 2013 IEEE Sixth International Conference on
Conference_Location
Luxembourg
Print_ISBN
978-1-4799-1324-4
Type
conf
DOI
10.1109/ICSTW.2013.33
Filename
6571633